Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip discovery/analysis #643

Closed
noperator opened this issue Mar 4, 2025 · 2 comments · Fixed by #644
Closed

Skip discovery/analysis #643

noperator opened this issue Mar 4, 2025 · 2 comments · Fixed by #644
Assignees
@noperator
Labels
question Further information is requested
Milestone
v2.10.0

Comments

@noperator
Copy link
Contributor

Question

Is there a way to skip discovery (including static/parameter analysis) if I already know which parameter I want to target? I'd like to go straight to the scanning phase. I'm aware of the --param option, but dalfox seems to still perform discovery even when I supply a specific parameter to target. If dalfox can't currently do this, I'll just submit a PR for a --skip-discovery CLI flag.

Thanks for a great tool!

Environment

  • Dalfox Version: v2.9.3
  • Installed from: source
@noperator noperator added the question Further information is requested label Mar 4, 2025
@hahwul
Copy link
Owner

hahwul commented Mar 4, 2025

@noperator
Hi! Thanks for reaching out and for the kind words about the tool — I really appreciate it!

You’re right that the --param option still triggers the discovery phase, including static and parameter analysis. While there isn’t a flag to skip the entire discovery process just yet, you can use options like --skip-mining-* (e.g., --skip-mining-all) to bypass specific parts of the parameter mining process. That might help streamline things a bit depending on your use case.

That said, a dedicated --skip-discovery CLI flag doesn’t currently exist, and I agree it’d be a great addition for scenarios like yours where you already know the target parameter. If you’re up for submitting a PR to add this feature, I’d be more than happy to review it — it sounds like a valuable enhancement!

Let me know if you have any other questions or need help with anything else. Thanks again!

@noperator
Copy link
Contributor Author

Thanks for the quick reply. Yeah, I'm already skipping mining but also want to skip discovery. Will submit PR shortly 🙂

@noperator noperator mentioned this issue Mar 4, 2025
Merged
@hahwul hahwul added this to the v2.10.0 milestone Mar 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@noperator noperator

Labels
question Further information is requested
Projects
None yet
Milestone
v2.10.0
Development

Successfully merging a pull request may close this issue.

new: add option to skip discovery noperator/dalfox
2 participants
@noperator @hahwul